From Tue May 21 04:27:54 2002
Received: from (FORT-POINT-STATION.MIT.EDU [])
by (8.9.3/8.9.3) with ESMTP id EAA23768
for <>; Tue, 21 May 2002 04:27:54 -0400 (EDT)
Received: from ( [])
by (8.9.2/8.9.2) with ESMTP id EAA13914
for <>; Tue, 21 May 2002 04:27:52 -0400 (EDT)
Received: by (Postfix, from userid 5)
id DDE8B144848; Tue, 21 May 2002 18:27:50 +1000 (EST)
Received: from orange( by via csmap (V4.1)
id srcAAAxfaO6d; Tue, 21 May 02 18:27:50 +1000
Received: from (unknown [])
by (Postfix) with ESMTP
id ACCA8144847; Tue, 21 May 2002 18:27:49 +1000 (EST)
Received: (from darrenr@localhost)
by (8.8.8+Sun/8.8.8) id SAA12282;
Tue, 21 May 2002 18:27:47 +1000 (EST)
Message-Id: <>
Date: Tue, 21 May 2002 18:27:47 +1000 (EST)
Subject: login(8) sets KRB5CCNAME different to klist(1)
X-Send-Pr-Version: 3.99

>Number: 1110
>Category: krb5-appl
>Synopsis: login(8) sets KRB5CCNAME different to klist(1)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue May 21 04:28:01 EDT 2002
>Last-Modified: Tue May 21 09:16:27 EDT 2002
>Originator: Darren Reed
>Release: krb5-1.2.5

System: SunOS chiron 5.5.1 Generic_103640-34 sun4u sparc SUNW,Ultra-2
Architecture: sun4

When logging in, login.krb5 sets $KRB5CCNAME to /tmp/krb5cc_p<PID>
whereas klist uses /tmp/krb5cc_<UID>. So if we are logged in to a
host and then telnet back to itself and log in as ourself, klist will
not display any tickets.
L1$ unset KRB5CCNAME
L1$ kinit
<enter password>
L1$ klist
<displays tickets>
L1$ telnet -x localhost
L2$ klist
<no tickets displayed>
login.krb5 should be more intelligent about its choice for $KRB5CCNAME.
If it can see a krb5cc_<UID> that is owned by the right UID and has
adequate permissions, perhaps it should set $KRB5CCNAME to that instead.

State-Changed-From-To: open-closed
State-Changed-By: hartmans
State-Changed-When: Tue May 21 09:15:13 2002
We do not consider this a bug. We in general consider it desirable to
get a single credentials cache per session, rather than per user.
We'd probably also consider it OK if login.krb5 left KRB5CCNAME alone
if it obtained no tickets, but the current behavior is also acceptable.

If you want tickets in a session, forward them.
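
The check the submitter suggests above (adopt /tmp/krb5cc_<UID> only if it is owned by the right UID and has adequate permissions), written out as an added example. It is not code from login.krb5 or the krb5 distribution; the function and enum names are hypothetical, and "adequate permissions" is assumed to mean no group or other access.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result codes (hypothetical names, chosen for this example). */
enum cc_check { CC_OK = 0, CC_OPEN_FAILED, CC_NOT_REGULAR, CC_WRONG_OWNER,
                CC_LOOSE_MODE, CC_HARD_LINKED };

/* Build the per-user default the report says klist uses: /tmp/krb5cc_<UID>. */
int cc_default_path(uid_t uid, char *buf, size_t len)
{
    int n = snprintf(buf, len, "/tmp/krb5cc_%lu", (unsigned long)uid);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* Decide whether an existing cache file could be adopted for `uid`.
 * /tmp is world-writable, so the file is opened without following symlinks
 * and every check runs on the open descriptor, not on the path. */
enum cc_check cc_check_file(const char *path, uid_t uid)
{
    struct stat st;
    enum cc_check rc = CC_OK;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return CC_OPEN_FAILED;          /* missing, symlink, or unreadable */
    if (fstat(fd, &st) != 0)
        rc = CC_OPEN_FAILED;
    else if (!S_ISREG(st.st_mode))
        rc = CC_NOT_REGULAR;            /* FIFO, device, directory */
    else if (st.st_uid != uid)
        rc = CC_WRONG_OWNER;            /* created by a different user */
    else if (st.st_mode & (S_IRWXG | S_IRWXO))
        rc = CC_LOOSE_MODE;             /* group/other can read or write */
    else if (st.st_nlink != 1)
        rc = CC_HARD_LINKED;            /* same inode reachable elsewhere */
    close(fd);
    return rc;
}

int main(void)
{
    char path[64];
    if (cc_default_path(getuid(), path, sizeof path) == 0)
        printf("%s -> %d\n", path, (int)cc_check_file(path, getuid()));
    return 0;
}
```

A caller would keep the per-session name unless the result is CC_OK.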
